apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:cloud-controller-manager
rules:
  - resources:
      - tokenreviews
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
    apiGroups:
      - authentication.k8s.io
  - resources:
      - configmaps
      - endpoints
      - pods
      - services
      - secrets
      - serviceaccounts
      - serviceaccounts/token
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
    apiGroups:
      - ''
  - resources:
      - nodes
    verbs:
      - get
      - list
      - watch
      - delete
      - patch
      - update
    apiGroups:
      - ''
  - resources:
      - services/status
      - pods/status
    verbs:
      - update
      - patch
    apiGroups:
      - ''
  - resources:
      - nodes/status
    verbs:
      - patch
      - update
    apiGroups:
      - ''
  - resources:
      - events
      - endpoints
    verbs:
      - create
      - patch
      - update
    apiGroups:
      - ''
  - resources:
      - leases
    verbs:
      - get
      - update
      - create
      - delete
    apiGroups:
      - coordination.k8s.io
  - resources:
      - customresourcedefinitions
    verbs:
      - get
      - update
      - create
      - delete
    apiGroups:
      - apiextensions.k8s.io
  - resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
      - update
      - create
      - patch
      - delete
    apiGroups:
      - networking.k8s.io
  - resources:
      - ingresses/status
    verbs:
      - update
      - patch
    apiGroups:
      - networking.k8s.io
  - resources:
      - endpointslices
    verbs:
      - get
      - list
      - watch
    apiGroups:
      - discovery.k8s.io
